Lucene search
K

949 matches found

Nuclei
Nuclei
added yesterday23 views

Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2024-7354 info: name: Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting...

6.1CVSS6.1AI score0.00662EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday33 views

WordPress Ninja Forms <3.3.18 - Cross-Site Scripting

WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...

6.1CVSS6.5AI score0.08903EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday44 views

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...

9.8CVSS7.2AI score0.54254EPSS
Exploits7References2
Nuclei
Nuclei
added yesterday47 views

WordPress Ninja Forms <3.4.34 - Open Redirect

WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wpajaxnfoauthconnect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive...

6.1CVSS6.4AI score0.01643EPSS
Exploits2References5
NVD
NVD
added 2026/07/03 6:16 a.m.10 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.10 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 4:30 a.m.21 views

CVE-2026-12557

CVE-2026-12557 affects the Ninja Forms - File Uploads plugin for WordPress. All versions up to 3.3.29 allow an unauthenticated user to bypass authorization, enabling reads of plugin debug logs stored in the wp_nf3_log table and permanent deletion of log rows via the debug-log/delete-all and debug...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.36 views

CVE-2026-12557 Ninja Forms - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion via debug-log/delete-all and debug-log/get-all REST Endpoints

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55494

Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...

5.3CVSS6AI score0.00223EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/02 4:4 p.m.4 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - File Uploads = 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion vulnerability discovered by Ad4m5 in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 10:16 a.m.6 views

CVE-2026-13369

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attachfiles function in versions up to, and including, 3.3.29. This is due to the getfilesforattachment function accepting a raw attacker-controlled 'files' array when the process method returns early...

7.5CVSS0.00522EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 9:32 a.m.9 views

EUVD-2026-41275

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attachfiles function in versions up to, and including, 3.3.29. This is due to the getfilesforattachment function accepting a raw attacker-controlled 'files' array when the process method returns early...

7.5CVSS5.9AI score0.00522EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 9:32 a.m.18 views

CVE-2026-13369

CVE-2026-13369 affects the WordPress plugin Ninja Forms - File Uploads (versions up to 3.3.29). The vulnerability stems from the function chain around attach_files() → get_files_for_attachment() where a client-controlled raw files array is accepted when the process() method exits early due to a u...

7.5CVSS5.9AI score0.00522EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 9:32 a.m.41 views

CVE-2026-13369 Ninja Forms - File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attachfiles function in versions up to, and including, 3.3.29. This is due to the getfilesforattachment function accepting a raw attacker-controlled 'files' array when the process method returns early...

7.5CVSS0.00522EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/02 7:11 a.m.9 views

WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability

WordPress Ninja Forms - File Uploads plugin = 3.3.29 - Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.29...

7.5CVSS5.8AI score0.00522EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/01 10:0 a.m.12 views

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by suyoung kimAhnLab - AhnLab in WordPress Plugin Ninja Forms versions = 3.14.1...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 7:16 a.m.8 views

CVE-2026-1239

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:35 a.m.40 views

CVE-2026-1239 Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 5:35 a.m.31 views

CVE-2026-1239

The CVE-2026-1239 entry concerns the WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You. A missing authorization check on the REST callback ninja-forms-views/token/refresh affects all versions up to and including 3.14.1, permitting unauthenticated attackers to view form s...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder